roles/dockerserver,services/docker: split docker and traefik logic

roles/dockerserver.nix

@@ -1,5 +1,5 @@
 # Module: roles/dockerserver
-# Enables a Docker server
+# Enables a Docker server with traefik
 #
 # Note that this module interacts with the traefik module, in that if traefik
 # is enabled, it will add the traefik user to the docker group and enable the
@@ -17,11 +17,8 @@ with lib;
 
 let
   cfg = config.dockerserver;
-  refreshInterval = "5s";
-  dockerSocketPath = "/run/docker.sock";
   dockerSocket = "unix://${dockerSocketPath}";
   dockerTraefikNetwork = "proxy";
-  dexPrometheusPort = 9081;
 in
 {
   options.dockerserver = {
@@ -29,23 +26,10 @@ in
   };
 
   config = mkIf cfg.enable {
-    environment.systemPackages = with pkgsUnstable; [
-      docker
-      docker-compose
-    ];
+    docker.enable = true;
+    traefik.enable = true;
 
-    virtualisation.docker = {
-      enable = true;
-      enableOnBoot = true;
-      storageDriver = "overlay2";
-      autoPrune = {
-        enable = true;
-        persistent = true;
-      };
-    };
-
-    # Integrate traefik with docker if it's enabled
-    services.traefik = mkIf config.services.traefik.enable {
+    services.traefik = {
       staticConfigOptions.providers.docker = {
         endpoint = dockerSocket;
         exposedByDefault = false;
@@ -59,58 +43,5 @@ in
     systemd.services.traefik.serviceConfig = mkIf config.services.traefik.enable {
       BindReadOnlyPaths = [ dockerSocketPath ];
     };
-
-    environment.etc."alloy/docker.alloy".text = ''
-      discovery.docker "docker_containers" {
-      host             = "${dockerSocket}"
-      refresh_interval = "${refreshInterval}"
-      }
-
-      discovery.relabel "docker_relabel" {
-      	targets = []
-
-      	rule {
-      		source_labels = ["__meta_docker_container_name"]
-      		regex         = "/(.*)"
-      		target_label  = "container"
-      	}
-
-      	rule {
-      		source_labels = ["__meta_docker_container_log_stream"]
-      		target_label  = "logstream"
-      	}
-
-      	rule {
-      		source_labels = ["__meta_docker_container_label_logging_jobname"]
-      		target_label  = "job"
-      	}
-      }
-
-      loki.source.docker "docker_logs" {
-      	host             = "${dockerSocket}"
-      	targets          = discovery.docker.docker_containers.targets
-      	forward_to       = [loki.write.default.receiver]
-      	relabel_rules    = discovery.relabel.docker_relabel.rules
-      	refresh_interval = "${refreshInterval}"
-      }
-    '';
-
-    environment.etc."alloy/docker-dex.alloy".text = ''
-      prometheus.scrape "dex_scrape" {
-      	targets = [
-      		{
-      			"__address__" = "127.0.0.1:${toString dexPrometheusPort}",
-      		},
-      	]
-
-      	forward_to = [prometheus.remote_write.default.receiver]
-      	job_name   = "dex"
-      }
-
-    '';
-
-    systemd.services.alloy.serviceConfig.SupplementaryGroups = [ "docker" ];
-
-    users.users.etorres.extraGroups = [ "docker" ];
   };
 }

services/docker.nix

@@ -20,7 +20,6 @@ let
   refreshInterval = "5s";
   dockerSocketPath = "/run/docker.sock";
   dockerSocket = "unix://${dockerSocketPath}";
-  dockerTraefikNetwork = "proxy";
   dexPrometheusPort = 9081;
 in
 {
@@ -44,22 +43,6 @@ in
       };
     };
 
-    # Integrate traefik with docker if it's enabled
-    services.traefik = mkIf config.services.traefik.enable {
-      staticConfigOptions.providers.docker = {
-        endpoint = dockerSocket;
-        exposedByDefault = false;
-        network = dockerTraefikNetwork;
-        watch = true;
-      };
-
-      group = "docker";
-    };
-
-    systemd.services.traefik.serviceConfig = mkIf config.services.traefik.enable {
-      BindReadOnlyPaths = [ dockerSocketPath ];
-    };
-
     environment.etc."alloy/docker.alloy".text = ''
       discovery.docker "docker_containers" {
       host             = "${dockerSocket}"